Comments on Exploit Monday: PowerShell is Not Special - An Offensive PowerShell Retrospective
Blog author: Matt Graeber. Feed updated 2019-05-23 20:38 (-04:00). 5 comments.

Anonymous, 2017-02-10 09:20 (-05:00):
I'm glad to see this writeup by you since I share the same thoughts. Spot on.

Matt Graeber, 2017-01-08 21:22 (-05:00):
Tony,

I'm glad you've been using PowerShell for security!

Cheers,
Matt

Matt Graeber, 2017-01-08 21:00 (-05:00):
I'm going to hazard a guess that you're not a defender and that you have yet to be caught running PowerShell in an environment. I can say that a large amount of our customers are both configuring and monitoring PowerShell logs to the point that we've recognized a need to diversify our tradecraft to an extent. Nowhere in this post did I mention that PowerShell attacks would decrease. Quite the contrary. When I was reversing malware full time, we saw a massive increase in PowerShell malware (a lot of which included rips of my code). The point of this article is to reiterate that defenders are empowered with tools to detect malicious PowerShell should they choose to employ them. I figured many would appreciate hearing this from someone who has spent years writing offensive PowerShell code.

Anonymous, 2017-01-08 20:38 (-05:00):
How many organisations do you know of that are:
(1) logging powershell commands
(2) actively reviewing those logs

I would hazard a guess that it's 0. That's why attackers are using powershell.....

Tony, 2017-01-06 09:14 (-05:00):
Using PowerShell for pentesting came as a pleasant surprise to me after I took a crash course in it to fix some issues we were having with Office365. I looked at Metasploit many years ago but never really got into it, and picking up Ruby never really appealed to me (C# dev is my day job). However, after seeing Powersploit on GitHub, I plan on doing some basic pentesting with it this year.